Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday. The cybersecurity agencies CISA and CERT@VDE have also published advisories.
While most of the vulnerabilities described in the advisories have been patched, only mitigations and workarounds are currently available for some of the flaws.
Siemens has published 18 new advisories, including four that cover critical-severity vulnerabilities. One of them describes an authentication bypass issue in the Redfish interface of the BMC controller used by Simatic industrial PCs. The flaw was disclosed by firmware security company Eclypsium in March.
Another critical advisory describes an OZW web server flaw that can be exploited to execute arbitrary code with root privileges, and one security hole that can be leveraged by an attacker to gain admin privileges.
Three vulnerabilities that can allow an authenticated attacker to execute arbitrary code with root privileges on Ruggedcom ROX II devices have also been classified as ‘critical’.
Siemens has also published another advisory for the vulnerability known as BlastRADIUS, specifically its impact on Siprotec, Sicam and other products.
Siemens addressed high-severity vulnerabilities in VersiCharge EV chargers, Simatic PCS neo, Desigo CC, Scalance, Sirius, Intralog, and Teamcenter Visualization products. Medium-severity issues were resolved in Polarion, BACnet, MS/TP Point Pickup Module, Mendix, and Ruggedcom products.
Schneider Electric has published four new advisories, each covering one vulnerability. Two of the advisories describe the impact of CVE-2023-4041, an older Silicon Labs Gecko bootloader flaw, on PrismaSeT Active and Wiser home automation products.
One advisory describes the impact of CVE-2025-32433, a recently disclosed Erlang/OTP SSH flaw that exposes many devices to complete takeover. Schneider has determined that the vulnerability impacts its Galaxy data center UPS products.
The last Schneider advisory describes a high-severity information disclosure vulnerability that can be exploited by an unauthenticated attacker to read arbitrary files in Modicon PLCs.
Phoenix Contact has informed customers that some of its bus couplers are impacted by a high-severity DoS vulnerability that has been observed during network scans. An unauthenticated attacker could exploit the security hole remotely to cause disruption by sending a large number of requests to port 80.
Germany’s CERT@VDE has published three advisories, including for a high-severity privilege escalation issue affecting a portal of solar energy equipment firm SMA Solar Technology, an XSS flaw affecting multiple Wiesemann & Theis products, and the aforementioned Phoenix Contact DoS vulnerability.
CISA published four new advisories on Patch Tuesday. Three of them describe over 20 vulnerabilities across Hitachi Energy MACH GWS, Relion, and Service Suite products. The fourth advisory informs organizations about two high-severity bugs in ABB’s Automation Builder product.
Related: ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
Related: ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens